1 of 26

Defense of the (Cyber) Realm

What micronations need to know about cyber weapons, cyber warfare, and cyber defense

A presentation by Slabovian Cyber External Network Threat Defense, Reconnaissance, and Operational Planning (SCENTDROP)

Presented at MicroCon 2023 – 1 July, 2023

2 of 26

The Usual View of Micronational War…

3 of 26

Cyber War may present a different picture…

4 of 26

My Qualifications…?

  • Working in various aspects of computer security since 2001
    • Threat intelligence
    • Security Incident Response team lead
    • Ethical hacking and penetration testing
    • Endpoint controls team lead
  • Academic work
    • Doctoral Student of Information Technology, specializing in Cybersecurity (City University of Seattle, ongoing)
    • M.Sc. in Cybersecurity and Information Assurance (Western Governors University, 2022)
    • B.Sc. in Computer Science (University of Western Ontario, 2001)
    • Certificate in Emergency Management (George Brown College, 2016)
    • Certificate in Security, Intelligence and Counter-Terrorism (George Brown College, 2017)
    • Certificate in Intelligence Analysis (Anacapa, 2012)
    • Computer Programming Instructor (Westervelt College, 1994-1997)
  • Other active certifications
    • CISSP (ISC2, 2004)
    • CISA (ISACA, 2006)
    • Security Architecture certification (SABSA, 2015)
    • Certified Ethical Hacker (EC-Council, 2022)
  • So, I might know a few things. ☺ I’ll try to keep this short…
  • I am NOT a lawyer and nothing in this presentation constitutes or should be taken as legal advice

5 of 26

Today’s Topics

  • What’s at risk?
  • What are the likely threats?
  • Why is Cyber Warfare a threat to Micronations?
  • What can we do to protect ourselves?
  • A proposal

6 of 26

WARNING!

  • Do NOT take away any ideas from this presentation about instigating cyber attacks!
  • Doing so may incur the Wrath Of George™

7 of 26

Definitions

  • Cyber Weapon
    • Any program, script, utility, code, etc. that interacts with a computer in a manner unexpected to the user, generally covert and/or malicious
    • Any document, e-mail, webpage, etc. that conveys such a payload to an unsuspecting user
  • Cyber War
    • Any hostile (overt or covert) act against a micronational entity that’s conveyed by or targeting computer systems or networks supporting or hosting that micronation or its infrastructure.
    • The impacts of such acts have the potential to affect the confidentiality, integrity, and/or availability of those systems and networks.

8 of 26

A Few (In)Famous Cyberweapons

  • Stuxnet – probably started it all… Attributed to American and Israeli intelligence services, targeting Iranian nuclear centrifuges via four different zero-day vulnerabilities, including in Siemens Step7 software, to attack Programmable Logic Controllers (PLCs), physically damaging dozens of centrifuges
  • CrashOverride – attributed to Russian intelligence, crashed substations of the Ukrainian power grid in December 2016, blacking out 20% of Kiev, by attacking Industrial Control Systems (ICS)
  • Trisis – Attributed to Russia, used to attack and disable safety systems at a petrochemical facility in Saudi Arabia in 2017 by attacking ICS

9 of 26

What’s at Risk?

  • Traditional information security deals with the “CIA triad”
    • Not the “Culinary Institute of America” (but they do have a nice restaurant)
    • Also not the intelligence agency (who don’t have a nice restaurant AFAIK)
    • Confidentiality (everyone has secrets)
    • Integrity (can you trust your data?)
    • Availability (ERROR 404 – Country not found!)
  • Some sources add two more aspects
    • Authenticity (“It’s the real thing!”)
    • Non-repudiation (“I didn’t say that!”)

10 of 26

What are the likely threats?

Untargeted attacks (most likely, least sophisticated)

    • “The cost of doing business on the Internet” – see next slide
    • It’s not “the bullet with your name on it”, it’s the several thousand addressed to “current occupant”

Targeted attacks – i.e. those launched by another micronation or person at YOU

    • Spear-phishing e-mails carrying ransomware, keyloggers, or other payloads
    • Distributed Denial-of-Service (DDoS) attacks (e.g. HOIC/LOIC tools)
    • Doxxing and swatting
    • Brute-force password attacks
    • “Physical” attacks against computers

Advanced Persistent Threats (APTs) (least likely, most sophisticated)

    • Nation-state actors (Equation Group [USA], Cozy Bear [Russia], Unit 61398 [China], Unit 8200 [Israel], etc.)

11 of 26

“Why would anyone attack ME?”

Source: https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/

12 of 26

Why does Cyber Warfare pose a threat to us?

  • Unlike traditional warfare, cyber attacks have a very low “barrier to entry”
    • Both information and tools for hacking are readily available online
      • Hacking and virus writing courses can be purchased on sites like Udemy
      • A search for “How to hack” turns up nearly fifteen million results on Google
      • Searching for “Hacking” on Amazon.com turns up over 7000 books
      • Amazon also sells hardware key loggers and “rubber ducky” style USB attack keys
      • Kali, Parrot, BlackArch, BlackBuntu Linux distros are all available for free download
        • Come with many hacking tools already installed for the security professional – or the “black hat”
    • Easy to attack someone on the other side of the planet without regard for geography
      • Trans-national legal issues (among other things) make investigation and punishment of attacks much more difficult
  • Increasing pervasiveness of technology in daily life
    • More services are moving online
    • Many people consider the Internet a part of “essential services”
  • Many micronations are particularly susceptible to disruption by cyber-attack due to their distributed nature and lack of redundant resources relative to macronational entities

13 of 26

Protective Measures – It’s not magic!

  • Basic cybersecurity steps are adequate to block up to 98% of cyber attacks (according to Microsoft)
    • Don’t use pirated software
    • Same for end-of-life software (Adobe Flash, Windows 7, Internet Explorer, etc.)
    • Use antivirus, ad-blocker, and a firewall
      • Keep antivirus signatures updated
    • Apply all software patches/updates in a timely manner (ideally ASAP)
    • Back up your data! (Not just once…)
      • Test your backups…
    • Don’t forget your phone’s security!
      • Patches, AV, don’t side-load or jailbreak, etc.
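“Back up your data” and “Test your backups” are two different steps, and the second is the one most people skip. The following Python script is an added example, not part of the presentation: it records a SHA-256 manifest of a folder before the backup is taken, then verifies a restored copy against that manifest, reporting files that are missing, altered, or unexpected. The folder contents and the corruption in the demo are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Added example (not from the presentation): a backup that has never been
# restored and checked against a known-good record is only a hope.


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = file_digest(path)
    return manifest


def verify_restore(manifest: dict[str, str], restored_root: Path) -> list[str]:
    """Compare a restored tree to the manifest; return a sorted list of problems."""
    problems = []
    for rel, expected in manifest.items():
        candidate = restored_root / rel
        if not candidate.is_file():
            problems.append(f"missing: {rel}")
        elif file_digest(candidate) != expected:
            problems.append(f"mismatch: {rel}")
    # Files in the restore that were never in the manifest deserve a look too.
    for rel in build_manifest(restored_root):
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return sorted(problems)


def run_demo(damage: bool = True) -> list[str]:
    """Constructed scenario: back up a small tree, optionally damage the copy, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "micronation"
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "constitution.txt").write_text("We the citizens...\n")
        (source / "docs" / "census.csv").write_text("name,role\nGeorge,Wrath\n")
        (source / "notes.txt").write_text("remember to test backups\n")

        manifest = build_manifest(source)      # record digests BEFORE backing up
        backup = Path(tmp) / "backup"
        shutil.copytree(source, backup)         # the "backup" step

        if damage:
            # Simulate silent corruption of one file and loss of another.
            (backup / "docs" / "census.csv").write_text("name,role\n")
            (backup / "notes.txt").unlink()

        return verify_restore(manifest, backup)


if __name__ == "__main__":
    for problem in run_demo():
        print(problem)
```

In practice the manifest should be stored somewhere the backup process cannot overwrite (ransomware that encrypts the backup will happily encrypt a manifest kept beside it), and the restore test should be run on a scratch machine rather than over the live data.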

14 of 26

Advanced Protective Measures

  • Reduce your “attack surface” by disabling or removing unused features and applications
  • Don’t log in as Administrator (or root) for day-to-day stuff
  • Use two-factor authentication (e.g. SMS or Google Authenticator) wherever it’s supported
    • NOTE: this can also be attacked by a determined adversary
  • Encryption is your friend
    • data at rest and data in motion
  • Think before you click! (Particularly bit.ly-type links…)
  • Consider moving from Windows to Linux or Apple macOS (less malware overall)
  • Consider using a Virtual Machine (e.g. Oracle VirtualBox)
  • Use a VPN, particularly with free wifi (e.g. at the airport or coffee shop)
  • Enable application whitelisting
  • Submit suspicious attachments to VirusTotal
  • Use a “USB Condom” when charging your phone

15 of 26

Pondering Passwords…

  • The usual advice: “Treat your passwords like your underwear!”
    • Don’t ever share them with others
    • Only use fresh ones
      • I.e. don’t use the same password on multiple websites to prevent “credential stuffing attacks”
    • The longer the better
    • Change them regularly…
      • Actually, we’d prefer if you had long ones versus changing them all the time
        • A lot of companies get this wrong…
  • Uh-oh… the average person has 100+ passwords!
  • Check your IDs periodically at haveibeenpwned.com

16 of 26

Key Point -> Longer passwords = stronger passwords
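To put numbers on “longer = stronger” and on the credential-stuffing point from the previous slide, here is an added Python example (written for this page, not part of the presentation). It estimates the keyspace a password implies from its length and the character classes it uses, converts that to the time an attacker would need to try every possibility at an assumed guess rate, and finds sites that share a password in a small constructed vault without ever printing the passwords themselves. The guess rate is an illustrative assumption, not a measurement.

```python
import hashlib
import math

# Added example (not from the presentation). The rate below is an assumed,
# illustrative figure for an offline attack against a weak hash.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 60 * 60 * 24 * 365


def charset_size(password: str) -> int:
    """Alphabet size implied by the character classes actually present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() and not c.isspace() for c in password):
        size += 33  # printable ASCII punctuation
    if any(c.isspace() for c in password):
        size += 1
    return size


def entropy_bits(password: str) -> float:
    """Upper bound on entropy, assuming each character was picked uniformly at random
    from the implied alphabet. Dictionary words and patterns score far lower in reality."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def years_to_exhaust(password: str, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try the entire keyspace at the assumed rate."""
    return 2 ** entropy_bits(password) / guesses_per_second / SECONDS_PER_YEAR


def reused_groups(vault: dict[str, str]) -> list[list[str]]:
    """Groups of sites that share a password. Passwords are hashed first so the
    report never contains the secret itself."""
    by_hash: dict[str, list[str]] = {}
    for site, password in vault.items():
        digest = hashlib.sha256(password.encode()).hexdigest()
        by_hash.setdefault(digest, []).append(site)
    return sorted(sorted(sites) for sites in by_hash.values() if len(sites) > 1)


# Constructed sample vault for the demonstration.
CONSTRUCTED_VAULT = {
    "bank": "Tr0ub4dor&3",
    "forum": "Tr0ub4dor&3",
    "email": "correct horse battery staple",
    "shop": "hunter2",
}

if __name__ == "__main__":
    for pw in ["P@ssw0rd", "abcdefghijklmnop", "correct horse battery staple"]:
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, ~{years_to_exhaust(pw):.1e} years to exhaust")
    print("same password reused on:", reused_groups(CONSTRUCTED_VAULT))
```

An eight-character password drawn from all 95 printable characters gives about 52 bits; sixteen lowercase letters give about 75 bits, and every extra character multiplies the work by the alphabet size. That is the arithmetic behind preferring long passwords over frequent rotation, and the reuse check is what a password manager does for you across 100+ accounts.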

17 of 26

If you do get breached…

  • Dealing with malware…
    • Best approach is to buy a new computer ☹
    • Second-best is to replace the hard drive
      • Some sophisticated malware can survive reformatting the hard drive
    • Clean install of the operating system and all applications (latest versions!), apply all patches, then restore your data from the most recent backups
      • You DID make backups, right?
  • Change ALL your passwords
    • Wait, what did we say about 100+ passwords again?
  • Understand HOW you got breached and take steps to prevent recurrence

18 of 26

What if you’re targeted by an Advanced Persistent Threat?

  • Zero trust
    • Did you write that operating system?
    • Did you build that computer?
    • Did you make the microchips yourself?
  • Assume breach
    • Assume everything is already compromised…
  • Good luck

19 of 26

Memetic Warfare

  • Internet memes are captioned photos that are shared on social media
  • They usually resonate with the reader at some level
    • This encourages the reader to reshare the meme, encouraging propagation
  • They may have a political slant to them
  • It’s very difficult to stop a meme that’s gone viral
    • Hard to fact-check in a timely manner
  • Memes definitely impact on public opinion

20 of 26

What does the future hold? Nothing good…

21 of 26

Privacy on the Internet…?

22 of 26

23 of 26

Good (technical) Cybersecurity Resources!

  • CIS Critical Security Controls – the “Top Eighteen”
    • https://www.cisecurity.org/controls/cis-controls-list
  • NIST Cybersecurity Framework – Comprehensive general framework
    • https://www.nist.gov/cyberframework
  • MITRE ATT&CK Framework – Understand the attacker
    • https://attack.mitre.org/
  • Cyber Kill Chain – Disrupt the attacker
    • https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
  • OWASP – Application Security
    • https://owasp.org/

24 of 26

Finally, A Proposal…

  • Cyber Hostility Intervention Comprehensive Agreement Governing Offense
    • AKA “The CHICAGO Agreement”
  • The agreement bans offensive use of cyber weapons or other cyber attacks (doxing, etc.) by signatory micronations
  • Any nation who signs today gets a souvenir ☺
  • Possible future state: MISAC (Micronational Information Sharing & Analysis Center) – cyber threat intelligence for micronations?!?

25 of 26

What happens next is up to you…

26 of 26

Questions?